Subversion Repositories oidplus


Rev 566 Rev 569
Line 17... Line 17...
17
 * limitations under the License.
17
 * limitations under the License.
18
 */
18
 */
19
 
19
 
20
if (!defined('INSIDE_OIDPLUS')) die();
20
if (!defined('INSIDE_OIDPLUS')) die();
21
 
21
 
22
class OIDplusSessionHandler {
22
class OIDplusSessionHandler implements OIDplusConfigInterface {
23
 
23
 
24
        private $secret = '';
24
        private $secret = '';
25
        protected $sessionLifetime = '';
25
        protected $sessionLifetime = '';
26
 
26
 
27
        public function __construct() {
27
        public function __construct() {
Line 92... Line 92...
92
                OIDplus::cookieUtils()->setcookie(session_name(),session_id(),time()+$this->sessionLifetime);
92
                OIDplus::cookieUtils()->setcookie(session_name(),session_id(),time()+$this->sessionLifetime);
93
 
93
 
94
                $_SESSION[$name] = self::encrypt($value, $this->secret);
94
                $_SESSION[$name] = self::encrypt($value, $this->secret);
95
        }
95
        }
96
 
96
 
97
        public function getValue($name) {
97
        public function getValue($name, $default = NULL) {
98
                if (isset($this->cacheSetValues[$name])) return self::decrypt($this->cacheSetValues[$name], $this->secret);
98
                if (isset($this->cacheSetValues[$name])) return self::decrypt($this->cacheSetValues[$name], $this->secret);
99
 
99
 
100
                if (!isset($_COOKIE[session_name()])) return null; // GDPR: Only start a session when we really need one
100
                if (!isset($_COOKIE[session_name()])) return $default; // GDPR: Only start a session when we really need one
101
                $this->sessionSafeStart();
101
                $this->sessionSafeStart();
102
                OIDplus::cookieUtils()->setcookie(session_name(),session_id(),time()+$this->sessionLifetime);
102
                OIDplus::cookieUtils()->setcookie(session_name(),session_id(),time()+$this->sessionLifetime);
103
 
103
 
104
                if (!isset($_SESSION[$name])) return null;
104
                if (!isset($_SESSION[$name])) return $default;
105
                return self::decrypt($_SESSION[$name], $this->secret);
105
                return self::decrypt($_SESSION[$name], $this->secret);
106
        }
106
        }
107
 
107
 
-
 
108
        public function exists($name) {
-
 
109
                if (isset($this->cacheSetValues[$name])) return true;
-
 
110
 
-
 
111
                if (!isset($_COOKIE[session_name()])) return false; // GDPR: Only start a session when we really need one
-
 
112
                $this->sessionSafeStart();
-
 
113
                OIDplus::cookieUtils()->setcookie(session_name(),session_id(),time()+$this->sessionLifetime);
-
 
114
 
-
 
115
                if (!isset($_SESSION[$name])) return false;
-
 
116
        }
-
 
117
 
-
 
118
        public function delete($name) {
-
 
119
                if (isset($this->cacheSetValues[$name])) unset($this->cacheSetValues[$name]);
-
 
120
 
-
 
121
                if (!isset($_COOKIE[session_name()])) return; // GDPR: Only start a session when we really need one
-
 
122
                $this->sessionSafeStart();
-
 
123
                OIDplus::cookieUtils()->setcookie(session_name(),session_id(),time()+$this->sessionLifetime);
-
 
124
 
-
 
125
                unset($_SESSION[$name]);
-
 
126
        }
-
 
127
 
108
        public function destroySession() {
128
        public function destroySession() {
109
                if (!isset($_COOKIE[session_name()])) return;
129
                if (!isset($_COOKIE[session_name()])) return;
110
 
130
 
111
                $this->sessionSafeStart();
131
                $this->sessionSafeStart();
112
                OIDplus::cookieUtils()->setcookie(session_name(),session_id(),time()+$this->sessionLifetime);
132
                OIDplus::cookieUtils()->setcookie(session_name(),session_id(),time()+$this->sessionLifetime);
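Review bot: The added `exists()` at new lines 108–116 never returns `true` for a value held only in `$_SESSION`: its last statement is `if (!isset($_SESSION[$name])) return false;`, so when the key is set the function falls off the end and returns `null`. Replace that line with `return isset($_SESSION[$name]);`, which is what the removed `exists()` at old lines 120–122 returned. As written, only names still in `cacheSetValues` report as present, so a caller that uses `exists()` to decide whether a session value is set (presumably including login state) will see it as missing once it is no longer in that cache. The class body continues past this hunk, so the callers of `exists()` are not visible here.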
Line 115... Line 135...
115
                session_destroy();
135
                session_destroy();
116
                session_write_close();
136
                session_write_close();
117
                OIDplus::cookieUtils()->unsetcookie(session_name()); // remove cookie, so GDPR people are happy
137
                OIDplus::cookieUtils()->unsetcookie(session_name()); // remove cookie, so GDPR people are happy
118
        }
138
        }
119
 
139
 
120
        public function exists($name) {
-
 
121
                return isset($_SESSION[$name]);
-
 
122
        }
-
 
123
 
-
 
124
        protected static function encrypt($data, $key) {
140
        protected static function encrypt($data, $key) {
125
                if (function_exists('openssl_encrypt')) {
141
                if (function_exists('openssl_encrypt')) {
126
                        $iv = random_bytes(16); // AES block size in CBC mode
142
                        $iv = random_bytes(16); // AES block size in CBC mode
127
                        // Encryption
143
                        // Encryption
128
                        $ciphertext = openssl_encrypt(
144
                        $ciphertext = openssl_encrypt(